Securing Back End API for Mobile Applications
Posted by El Guapo on Programmers, published 2012-06-18T14:30:38Z
I have an application that I am writing for both iOS and Android; this application will be served by a RESTful API running on a cluster of servers on "the internets". I am curious how the rest of the world is going about securing their APIs so only specific applications running on iOS or Android can use these APIs.
I could go the same route as other OAuth providers by providing a key/secret combination (2-legged OAuth); however, what do I do if I ever have to change these keys? Do I create a new key/secret for every person that downloads the app?
The application is a social-based game that will allow the user to interact with other "participants" in the game based on location, achievements, etc.
The API will provide the following functions:
- Questions, Quests, etc.
- Profile Management
- User Interaction
- Possible Social Interaction
Once the app gains traction I plan on opening up the API à la Facebook, Twitter, etc., which is easy enough: I plan on implementing an OAuth server and whatnot. However, I want to make sure, during this phase, that only people who are using the application can access and use the API.
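The key/secret scheme the question describes, worked through as an added example (this is not code from the post or from any real OAuth library): the app signs each request with an HMAC over the method, path, timestamp, nonce and body hash, and sends a key id alongside the signature. The server looks the secret up by key id, which is what makes rotation possible without a per-user secret: a new key id is added, shipped with the next app release, and the old id is retired once that release is out of use. The timestamp window and nonce set limit replay of a captured request. All key ids, secrets, header names and paths below are constructed for the example. Note the inherent limit of the approach, which the question hints at: a secret embedded in a shipped app can be recovered from the binary, so this identifies the app build, not a user, and should be combined with per-user authentication (the OAuth server mentioned) for anything that acts on a user's behalf.

```python
import hashlib
import hmac
import os
import time

# Constructed sample credentials (not real keys). The key id travels in the
# clear; the secret is shared only by the app build and the server. Rotation
# is done by adding a new key id and later retiring the old one, so existing
# installs keep working until their build is retired.
APP_KEYS = {
    "ios-v1": b"constructed-ios-secret-1",
    "android-v1": b"constructed-android-secret-1",
}
MAX_SKEW_SECONDS = 300  # requests older than this are rejected (replay window)


def add_key(key_id, secret):
    """Register a new key id (step one of a rotation)."""
    APP_KEYS[key_id] = secret


def retire_key(key_id):
    """Remove a key id; requests signed with it are rejected from now on."""
    APP_KEYS.pop(key_id, None)


def canonical_string(method, path, timestamp, nonce, body):
    """The exact bytes both sides sign; body is bound via its SHA-256."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), nonce, body_hash])


def sign_request(key_id, method, path, body, timestamp=None, nonce=None):
    """Client side: produce the headers that accompany the request."""
    secret = APP_KEYS[key_id]
    timestamp = int(time.time()) if timestamp is None else timestamp
    nonce = nonce if nonce is not None else os.urandom(8).hex()
    msg = canonical_string(method, path, timestamp, nonce, body).encode()
    sig = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return {
        "X-Key-Id": key_id,
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": sig,
    }


def verify_request(headers, method, path, body, seen_nonces, now=None):
    """Server side: return (ok, reason). seen_nonces is the replay cache."""
    now = int(time.time()) if now is None else now
    secret = APP_KEYS.get(headers.get("X-Key-Id", ""))
    if secret is None:
        return False, "unknown or retired key id"
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "bad timestamp"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    nonce = headers.get("X-Nonce", "")
    if not nonce or nonce in seen_nonces:
        return False, "replayed or missing nonce"
    msg = canonical_string(method, path, timestamp, nonce, body).encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so signature checks do not leak timing.
    if not hmac.compare_digest(expected, headers.get("X-Signature", "")):
        return False, "bad signature"
    seen_nonces.add(nonce)
    return True, "ok"


if __name__ == "__main__":
    body = b'{"quest":"constructed-sample"}'
    cache = set()
    hdrs = sign_request("ios-v1", "POST", "/v1/quests", body)
    print(verify_request(hdrs, "POST", "/v1/quests", body, cache))  # accepted
    print(verify_request(hdrs, "POST", "/v1/quests", body, cache))  # replay rejected
```

In production the nonce cache would live in a shared store with entries expiring after MAX_SKEW_SECONDS, since anything older is already rejected by the timestamp check.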
© Programmers or respective owner